Feature #3727: Security: Session Hijacking erschweren - QFQ - Project @ iMath

Actions

Copy link

Feature #3727

open

Security: Session Hijacking erschweren

Added by Carsten Rose about 7 years ago. Updated 9 months ago.

Status:

New

Priority:

Normal

Assignee:

Support: Web

Target version:

CodingWeek2023

Start date:

13.05.2017

Due date:

% Done:

Estimated time:

Discuss:

Prio Planung:

Vote:

Description

Problem 1: durch '[FE][lockIP] = 0' wird der Schutz gegen Session Hijacking fuer FE-User verringert.
Problem 2: in QFQ ist kein 'Session Hijacking' based on changed IP detection implementiert.

Beides koennte leicht implementiert werden:

Zu 1)
- Entweder eine Extension schreiben die gewisse IPs immer zulaesst (z.B. die lokalen IPs) - es gab entsrpechende Extensions.
- Oder in QFQ diesen Check implementieren (z.B. in dem sich QFQ beendet, sollte der aktuelle FE User einer FE Gruppe angehoeren)

Zu 2) implementieren. Am besten aehnlich konfiguriert wird '[FE][lockIP]'

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

QFQ

Custom queries

Feature #3727

Security: Session Hijacking erschweren

Updated by Carsten Rose almost 7 years ago

Updated by Carsten Rose about 6 years ago

Updated by Carsten Rose almost 6 years ago

Updated by Elias Villiger almost 6 years ago

Updated by Carsten Rose over 5 years ago

Updated by Carsten Rose over 5 years ago

Updated by Carsten Rose about 5 years ago

Updated by Carsten Rose over 4 years ago

Updated by Carsten Rose over 4 years ago

Updated by Carsten Rose over 4 years ago

Updated by Carsten Rose about 3 years ago

Updated by Carsten Rose over 1 year ago

Updated by Carsten Rose 9 months ago